remove encryption

device/noise-protocol.go

@@ -14,7 +14,6 @@ import (
 
 	"golang.org/x/crypto/blake2s"
 	"golang.org/x/crypto/chacha20poly1305"
-	"golang.org/x/crypto/poly1305"
 
 	"golang.zx2c4.com/wireguard/tai64n"
 )
@@ -65,7 +64,7 @@ const (
 	MessageResponseSize        = 92                                            // size of response message
 	MessageCookieReplySize     = 64                                            // size of cookie reply message
 	MessageTransportHeaderSize = 16                                            // size of data preceding content in transport message
-	MessageTransportSize       = MessageTransportHeaderSize + poly1305.TagSize // size of empty transport
+	MessageTransportSize       = MessageTransportHeaderSize // size of empty transport (no encryption tag)
 	MessageKeepaliveSize       = MessageTransportSize                          // size of keepalive
 	MessageHandshakeSize       = MessageInitiationSize                         // size of largest handshake related message
 )
@@ -86,8 +85,8 @@ type MessageInitiation struct {
 	Type      uint32
 	Sender    uint32
 	Ephemeral NoisePublicKey
-	Static    [NoisePublicKeySize + poly1305.TagSize]byte
-	Timestamp [tai64n.TimestampSize + poly1305.TagSize]byte
+	Static    [NoisePublicKeySize + Poly1305TagSize]byte
+	Timestamp [tai64n.TimestampSize + Poly1305TagSize]byte
 	MAC1      [blake2s.Size128]byte
 	MAC2      [blake2s.Size128]byte
 }
@@ -97,7 +96,7 @@ type MessageResponse struct {
 	Sender    uint32
 	Receiver  uint32
 	Ephemeral NoisePublicKey
-	Empty     [poly1305.TagSize]byte
+	Empty     [Poly1305TagSize]byte
 	MAC1      [blake2s.Size128]byte
 	MAC2      [blake2s.Size128]byte
 }
@@ -113,7 +112,7 @@ type MessageCookieReply struct {
 	Type     uint32
 	Receiver uint32
 	Nonce    [chacha20poly1305.NonceSizeX]byte
-	Cookie   [blake2s.Size128 + poly1305.TagSize]byte
+	Cookie   [blake2s.Size128 + Poly1305TagSize]byte
 }
 
 var errMessageLengthMismatch = errors.New("message length mismatch")
@@ -615,27 +614,13 @@ func (peer *Peer) BeginSymmetricSession() error {
 	handshake.mutex.Lock()
 	defer handshake.mutex.Unlock()
 
-	// derive keys
+	// determine initiator role
 
 	var isInitiator bool
-	var sendKey [chacha20poly1305.KeySize]byte
-	var recvKey [chacha20poly1305.KeySize]byte
 
 	if handshake.state == handshakeResponseConsumed {
-		KDF2(
-			&sendKey,
-			&recvKey,
-			handshake.chainKey[:],
-			nil,
-		)
 		isInitiator = true
 	} else if handshake.state == handshakeResponseCreated {
-		KDF2(
-			&recvKey,
-			&sendKey,
-			handshake.chainKey[:],
-			nil,
-		)
 		isInitiator = false
 	} else {
 		return fmt.Errorf("invalid state for keypair derivation: %v", handshake.state)
@@ -644,18 +629,15 @@ func (peer *Peer) BeginSymmetricSession() error {
 	// zero handshake
 
 	setZero(handshake.chainKey[:])
-	setZero(handshake.hash[:]) // Doesn't necessarily need to be zeroed. Could be used for something interesting down the line.
+	setZero(handshake.hash[:])
 	setZero(handshake.localEphemeral[:])
 	peer.handshake.state = handshakeZeroed
 
-	// create AEAD instances
+	// create keypair without encryption
 
 	keypair := new(Keypair)
-	keypair.send, _ = chacha20poly1305.New(sendKey[:])
-	keypair.receive, _ = chacha20poly1305.New(recvKey[:])
-
-	setZero(sendKey[:])
-	setZero(recvKey[:])
+	keypair.send = nil  // no encryption
+	keypair.receive = nil  // no decryption
 
 	keypair.created = time.Now()
 	keypair.replayFilter.Reset()